We introduce a variant of linear logic with second order quantifiers and type fixpoints, both restricted 
to purely linear formulas. The Church encodings of binary words are typed by a standard non-linear 
type 'Church,' while the Scott encodings (purely linear representations of words) are by a linear type 
'Scott.' We give a characterization of polynomial time functions, which is derived from (Leivant and 
Marion 93): a function is computable in polynomial time if and only if it can be represented by a 
term of type Church => Scott. 

To prove soundness, we employ a resource sensitive realizability technique developed by Hofmann 
and Dal Lago. 

1 Introduction 

The field of implicit computational complexity aims to provide abstract, qualitative, machine-independent 
characterizations of complexity classes such as polynomial time and polynomial space functions. Along 
its development, two crucial factors for bounding complexity of programs have been identified: 

Linearity: In the higher order setting, non-linear use of function variables often causes an exponential 
growth of execution time. Hence a natural approach is to restrict use of higher order variables, often 
using types, in order to capture the desired complexity classes. Examples are light linear/affine 
logics llTn i2l, their variant dual light affine logic Q, soft linear logic [15], and mixtures of linear 
higher order types with safe recursion (e.g., IH, [13]). These logics all capture polynomial time 
functions, while there are also systems corresponding to polynomial space [10] and elementary 
functions ifTTI. 

Data tiering: Another source of exponential explosion lies in nested use of recursion, as observed by 
[4, 16]. Hence one naturally restricts the structure of primitive recursive programs by data tiering. 
This approach is most extensively pursued by a series of papers by Leivant and Marion on tiered 
recursion (ramified recurrence) ifTTlfTSlfTQlllOlllTI . In tiered recursion, one has a countable number 
of copies of the binary word algebra, distinguished by tiers. Then a bad nesting of primitive 
recursion is avoided by requiring that the output of the defined function has a lower tier than the 
variable it recurses on. 

Data tiering and higher order functionals. Along their development of ramified recurrence, Leivant 
and Marion have made an interesting observation in lITSl, which reveals an intimate relationship between 
data tiering and higher order functionals. They consider a simply typed λ-calculus over a first order 
word algebra, called $1\lambda^p(W)$. The system is inherently equipped with two "tiers": the first order word 
algebra (of base type $o$) as the lower "tier," and the Church encodings of words (of higher order type 
$(\tau \to \tau)^2 \to \tau \to \tau$) as the higher one. First order words are just bit strings, while Church words internalize 
the iteration scheme. Due to this inherent tiering, the programs from the Church words to the first order 
words capture the polynomial time functions. 

What their work reveals is a rather logical nature of tiers; in the end, tiering is nothing but the 
distinction between first order and higher order data. It is then natural to go one step further towards the 
logical direction, by replacing the first order algebra with the linear lambda terms, and by identifying the 
higher order data with non-linear terms. Our intuition is backed up by the fact that the linear encoding 
of words, often attributed to Scott (cf. [1]), behaves very similarly to the first order words; for instance, 
they admit constant time successor, predecessor and discriminator, while they are not enhanced with the 
power of iteration on their own. 

To identify the set of Scott words, it is useful to introduce a type system with linearity and type 
fixpoints. We therefore introduce a variant of linear logic, called DIAL$_{lin}$, as a typing system for the 
pure λ-terms. This system distinguishes non-linear and linear arrows and has second order quantifiers 
and type fixpoints, both restricted to linear types. Morally, the base type of $1\lambda^p(W)$ corresponds to the 
hereditarily linear formulas of DIAL$_{lin}$, and the higher types of $1\lambda^p(W)$ to the non-linear formulas. We 
then characterize the class of polynomial time functions as those represented by terms of type: 'Church' 
(nonlinear words) $\Rightarrow$ 'Scott' (linear words). The two types for binary words play the role of the two tiers. 
Our work thus exhibits a connection between the two factors controlling complexity: linearity and data 
tiering. 

Resource sensitive realizability. Following some preceding works [12, 13, 14], Dal Lago and Hofmann 
have introduced in [8] a realizability semantics which is useful to reason about the complexity bounds 
for various systems uniformly. In their framework, the realizers are pure λ-terms (values, to be more 
precise) under the weak call-by-value semantics, and they come equipped with the resource bounds 
expressed by elements of a resource monoid. Various systems are then dealt with by choosing a suitable 
resource monoid, while the basic realizability constructions are unchanged. This framework has offered 
new and uniform proofs of the soundness theorems for LAL, EAL, LFPL, SAL and BLL with respect to 
the associated complexity classes [6, 7]. 

We here apply their technique to prove that all terms of type Church $\Rightarrow$ Scott in the system DIAL$_{lin}$ 
are polytime. The main novelty is that we build a suitable (partial) resource monoid based on higher 
order polynomials. Also, we do not require that realizers are values. This allows us to directly infer the 
complexity bounds of arbitrary λ-terms (not restricted to values). 

Outline. Section 2 introduces the system DIAL$_{lin}$ and states the main results. Section 3 introduces 
the realizability semantics and proves the adequacy theorem. Section 4 applies these tools to derive the 
soundness theorem. Section 5 concludes this work. 

2 System DIAL$_{lin}$ 

In this section, we recall the weak call-by-value λ-calculus with the time cost measure of [9], and then 
introduce the type system DIAL$_{lin}$ derived from second order affine linear logic with type fixpoints. The 
system emulates the two tiers of $1\lambda^p(W)$ by distinguishing linear and non-linear types. 

2.1 Weak call-by-value lambda calculus with time measure 

We assume that a set of variables $x, y, z, \ldots$ is given. As usual, the λ-terms $t, u$ are defined by the 
grammar: $t, u ::= x \mid \lambda x.t \mid tu$. The set of λ-terms is denoted by $\Lambda$. Terms of the form $x$ or $\lambda x.t$ are called 
values. We denote by $FV(t)$ the set of the free variables of $t$ and by $[\![t]\!]_\beta$ the β-normal form of $t$. The 
size $|t|$ of a term $t$ is defined by: 

$$|x| = 1, \qquad |\lambda x.t| = |t| + 1, \qquad |tu| = |t| + |u|.$$

As with [9], we adopt the weak call-by-value reduction strategy, which is defined by: 

$$(\lambda x.t)v \to t[v/x] \qquad \frac{t_1 \to t_2}{t_1 u \to t_2 u} \qquad \frac{t_1 \to t_2}{u\, t_1 \to u\, t_2}$$

where $v$ denotes a value. We write $t \Downarrow$ if $t$ evaluates to a value $v$: $t \to^* v$. The value $v$ is unique whenever 
$t \to^* v$, so we write $[\![t]\!] = v$. It should not be confused with the β-normal form $[\![t]\!]_\beta$ of $t$. 

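The cost of evaluation is specified by a ternary relation $t \xrightarrow{n} u$, meaning that $t$ reduces to $u$ with cost 
$n$, defined as follows: 

$$\frac{t \to u \qquad n = \max\{|u| - |t|,\, 1\}}{t \xrightarrow{n} u} \qquad \frac{}{t \xrightarrow{0} t} \qquad \frac{s \xrightarrow{n} t \qquad t \xrightarrow{m} u}{s \xrightarrow{n+m} u}$$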

The definition takes into account the cost of duplications. In particular we have: 

Lemma 2.1. Suppose that $(\lambda x.t)v \xrightarrow{n} t[v/x]$ and $x$ occurs $c$ times in $t$. Then $n = 1$ if $c \le 1$, and 
$n \le (c-1)|v|$ if $c \ge 2$. 

Proof. In the first case, $|t[v/x]| \le |(\lambda x.t)v|$. In the second case, $|t[v/x]| - |(\lambda x.t)v| \le |t| + c|v| - (|t| + 
1 + |v|) \le (c-1)|v|$. □ 

A distinctive feature of the above cost model is that the cost $n$ is unique: $t \xrightarrow{n} v$ and $t \xrightarrow{m} v$ imply 
$n = m$ [9]. So we may define $Time(t) = n$ without ambiguity ($Time(t)$ is undefined if $t \not\Downarrow$). Finally, let 
$TS(t) = Time(t) + |t|$. (It should be noticed that $TS(t)$ is denoted as $Time(t)$ in [9]; our notation is due 
toU.) 

It is proved in [9] that this cost model is invariant, which means that λ-calculus and Turing machines 
simulate each other with a polynomial time overhead. In particular, we have: 

Theorem 2.2. There exists a Turing machine $M_{eval}$ with the following property: given a λ-term $t$ such 
that $t \Downarrow$ and $TS(t) = Time(t) + |t| = n$, $M_{eval}$ computes $[\![t]\!]$ in time O(n^). 

The following facts (cf. lH) will be useful below. 

Lemma 2.3. The following hold when $t \Downarrow$. 

(size) $|[\![t]\!]| \le TS(t)$. 

(exchange) If $t = (\lambda x_1 x_2.s)u_1 u_2$ and $t' = (\lambda x_2 x_1.s)u_2 u_1$, then $TS(t') = TS(t)$. 

(contraction) If $t = (\lambda x_1 x_2.s)uu$ and $t' = (\lambda x.s[x/x_1, x/x_2])u$, then $TS(t') \le TS(t)$. 

(weakening) If $t' = (\lambda x.t)u$, $x \notin FV(t)$ and $u \Downarrow$, then $TS(t') = TS(t) + TS(u) + 2$. 

(concatenation) If $t = s_1((\lambda x.s_2)u)$ and $t' = (\lambda x.s_1 s_2)u$ ($x \notin FV(s_1)$), then $TS(t') = TS(t)$. 

(identity) If $t' = (\lambda x.x)t$, then $TS(t') = TS(t) + 3$. 
Proof. For (size), it is sufficient to prove that if $t \to u$ then $TS(t) \ge TS(u)$. If $|u| - |t| \ge 1$, we have 
$TS(t) = Time(t) + |t| = (|u| - |t| + Time(u)) + |t| = Time(u) + |u| = TS(u)$. Otherwise, $TS(t) = (1 + 
Time(u)) + |t| \ge Time(u) + |u| = TS(u)$. 

For (weakening), we have $t' \xrightarrow{n} (\lambda x.t)[\![u]\!] \xrightarrow{1} t$ with $n = Time(u)$. Hence $TS(t') = Time(t') + |t'| = 
(n + 1 + Time(t)) + (|t| + |u| + 1) = TS(t) + TS(u) + 2$. 

For (identity), we have $t' \xrightarrow{n} (\lambda x.x)[\![t]\!] \xrightarrow{1} [\![t]\!]$ with $n = Time(t)$. Hence $TS(t') = Time(t') + |t'| = 
(n + 1) + (|t| + 2) = TS(t) + 3$. 

For (contraction), we have $t \xrightarrow{2n} (\lambda x_1 x_2.s)[\![u]\!][\![u]\!] \xrightarrow{m} s[[\![u]\!]/x_1, [\![u]\!]/x_2] = t_0$ and 
$t' \xrightarrow{n} (\lambda x.s[x/x_1, x/x_2])[\![u]\!] \xrightarrow{k} t_0$. Consider the case when each of $x_1$ and $x_2$ occurs more than once in $s$. Then 
$m = |t_0| - |(\lambda x_1 x_2.s)[\![u]\!][\![u]\!]|$ and $k = |t_0| - |(\lambda x.s[x/x_1, x/x_2])[\![u]\!]|$. Hence we have: 

$$TS(t) = 2n + (|t_0| - |(\lambda x_1 x_2.s)[\![u]\!][\![u]\!]|) + Time(t_0) + |t| = 2n + TS(t_0) + 2|u| - 2|[\![u]\!]|;$$

$$TS(t') = n + (|t_0| - |(\lambda x.s[x/x_1, x/x_2])[\![u]\!]|) + Time(t_0) + |t'| = n + TS(t_0) + |u| - |[\![u]\!]|.$$

By (size), we have $|[\![u]\!]| \le TS(u) = n + |u|$, hence we conclude $TS(t') \le TS(t)$. The calculation is similar 
when either $x_1$ or $x_2$ occurs at most once. 

The equations for (exchange) and (concatenation) are easily verified. □ 

2.2 The dual type system 

We now introduce the system DIAL$_{lin}$: the dual intuitionistic affine logic with linear quantifiers and type 
fixpoints. It is based on intuitionistic linear logic with unrestricted weakening (thus "linear" actually 
means "affine"). It does not possess the ! connective but distinguishes linear and non-linear function 
spaces as in Q. It has the second order quantifier and the type fixpoint operator, but both are restricted 
to purely linear formulas. 

Given a set of propositional variables $\alpha, \beta, \ldots$, the (general) formulas $A, B, \ldots$ and the linear formulas 
$L, M, \ldots$ are defined by the following grammar: 

$$L, M ::= \alpha \mid \forall\alpha L \mid \mu\alpha L^{(*)} \mid L \multimap M, \qquad A, B ::= L \mid \forall\alpha A \mid L \multimap B \mid A \Rightarrow B.$$

(*) : we add the condition that we can build $\mu\alpha L$ only if $\alpha$ occurs only positively in $L$. This is a common 
restriction that makes it easier to interpret fixpoint types in realizability semantics. 

Thus the linear formulas are the formulas that do not contain any $\Rightarrow$. 

We handle judgments of the form $\Gamma; \Delta \vdash t : A$, where $\Delta$ consists of assignments of the form $(x : L)$ 
with $L$ a linear formula, and $\Gamma$ consists of $(x : A)$ with $A$ an arbitrary formula. We assume that variables 
in $\Gamma$ and $\Delta$ are distinct. The variables in $\Delta$ are intended to be affine linear: each of them occurs at most 
once in $t$, in contrast to those in $\Gamma$ which may have multiple occurrences. The typing rules are defined in 
Figure 1. Notice that $L$ always denotes a linear formula. 

We say that a term $t$ is of type $A$ in DIAL$_{lin}$ if $\vdash t : A$ is derivable by the typing rules in Figure 1. 
Below are some remarks. 

• The intended meaning of judgment $\Gamma; \Delta \vdash t : A$ is $!\Gamma^*, \Delta \vdash t : A^*$, where $\Gamma^*, A^*$ are translations into 
linear logic given by $(B \Rightarrow C)^* = {!B^*} \multimap C^*$. Hence the rule (Contr) can be applied only to variables 
in $\Gamma$. 
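$$\frac{}{x : A;\ \vdash x : A}\ (ax1) \qquad \frac{}{;\ x : L \vdash x : L}\ (ax2)$$

$$\frac{\Gamma; \Delta \vdash t : L[\mu\alpha L/\alpha]}{\Gamma; \Delta \vdash t : \mu\alpha L}\ (\mu_i) \qquad \frac{\Gamma; \Delta \vdash t : \mu\alpha L}{\Gamma; \Delta \vdash t : L[\mu\alpha L/\alpha]}\ (\mu_e)$$

$$\frac{\Gamma; \Delta \vdash t : A \qquad \alpha \notin FV(\Gamma; \Delta)}{\Gamma; \Delta \vdash t : \forall\alpha A}\ (\forall_i) \qquad \frac{\Gamma; \Delta \vdash t : \forall\alpha A}{\Gamma; \Delta \vdash t : A[L/\alpha]}\ (\forall_e)$$

$$\frac{\Gamma_1; \Delta \vdash t : A \Rightarrow B \qquad \Gamma_2;\ \vdash u : A}{\Gamma_1, \Gamma_2; \Delta \vdash tu : B}\ (\Rightarrow_e) \qquad \frac{\Gamma, z : A; \Delta \vdash t : B}{\Gamma; \Delta \vdash \lambda z.t : A \Rightarrow B}\ (\Rightarrow_i)$$

$$\frac{\Gamma_1; \Delta_1 \vdash t : L \multimap B \qquad \Gamma_2; \Delta_2 \vdash u : L}{\Gamma_1, \Gamma_2; \Delta_1, \Delta_2 \vdash tu : B}\ (\multimap_e) \qquad \frac{\Gamma; \Delta, z : L \vdash t : B}{\Gamma; \Delta \vdash \lambda z.t : L \multimap B}\ (\multimap_i)$$

$$\frac{\Gamma, x : A, y : A; \Delta \vdash t : B}{\Gamma, z : A; \Delta \vdash t[z/x, z/y] : B}\ (Contr) \qquad \frac{\Gamma; \Delta, x : L \vdash t : B}{\Gamma, x : L; \Delta \vdash t : B}\ (Derel) \qquad \frac{\Gamma; \Delta \vdash t : B}{\Gamma, \Gamma'; \Delta, \Delta' \vdash t : B}\ (Weak)$$

Figure 1: Typing rules of DIAL$_{lin}$ 
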



• The $\Rightarrow_e$ rule implicitly performs the ! promotion on $A$, so the judgment for $u$ should not contain a 
linear variable. 

• We only allow substitution of linear formulas for propositional variables (in rules $(\forall_e)$, $(\mu_i)$ and 
$(\mu_e)$). One can check that such a substitution in a formula always results in a formula. This restriction 
is strictly necessary, since the exponential function would be typed otherwise (see below). 

• One unpleasant restriction is that the premise $L$ of a linear implication $L \multimap B$ has to be linear. It 
does not seem essential for complexity, but our realizability argument forces it. 

• The type system enjoys the subject reduction property with respect to the β-reduction. 



2.3 Church and Scott data types 

In DIAL$_{lin}$, data may be represented in two ways, either in the Church style or in the Scott style. Figure 
2 illustrates the two encodings for natural numbers $n$ and binary words $w \in \{0, 1\}^*$, together with some 
basic functions defined on them. In the definition of $w^*$, $w$ is assumed to be $i_1 \cdots i_n$ where each $i_k$ is either 
0 or 1. 

The first thing to be verified is the following: 

Proposition 2.4. For every term $t$ in β-normal form, $\vdash t : N^*$ if and only if $t$ is a Church numeral $n^*$ (or 
$\lambda x.x$, that is η-equivalent to $1^*$). $\vdash t : N^\circ$ if and only if $t$ is a Scott numeral $n^\circ$. Similarly for Church and 
Scott words. 

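Proof. The claim is standard for Church numerals. So let us focus on Scott numerals. The following 
derivations show that $\vdash n^\circ : N^\circ$ for every natural number $n$. 

$$\dfrac{\dfrac{\dfrac{\dfrac{;\ y : \alpha \vdash y : \alpha}{;\ x : N^\circ \multimap \alpha,\ y : \alpha \vdash y : \alpha}}{\vdash 0^\circ : (N^\circ \multimap \alpha) \multimap (\alpha \multimap \alpha)}}{\vdash 0^\circ : \forall\alpha.(N^\circ \multimap \alpha) \multimap (\alpha \multimap \alpha)}}{\vdash 0^\circ : N^\circ}$$

$$\dfrac{\dfrac{\dfrac{\dfrac{;\ x : N^\circ \multimap \alpha,\ y : \alpha \vdash x : N^\circ \multimap \alpha \qquad \vdash n^\circ : N^\circ}{;\ x : N^\circ \multimap \alpha,\ y : \alpha \vdash x\,n^\circ : \alpha}}{\vdash (n+1)^\circ : (N^\circ \multimap \alpha) \multimap (\alpha \multimap \alpha)}}{\vdash (n+1)^\circ : \forall\alpha.(N^\circ \multimap \alpha) \multimap (\alpha \multimap \alpha)}}{\vdash (n+1)^\circ : N^\circ}$$
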

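For the other direction, we proceed by induction on the size of $t$. Suppose that $\vdash t : N^\circ$. Since $t$ is in 
β-normal form, the last part of the derivation must be necessarily of the form 

$$\dfrac{\dfrac{\dfrac{;\ x : N^\circ \multimap \alpha,\ y : \alpha \vdash t_0 : \alpha}{\vdash \lambda xy.t_0 : (N^\circ \multimap \alpha) \multimap (\alpha \multimap \alpha)}}{\vdash \lambda xy.t_0 : \forall\alpha.(N^\circ \multimap \alpha) \multimap (\alpha \multimap \alpha)}}{\vdash \lambda xy.t_0 : N^\circ}$$

and $t = \lambda xy.t_0$. Since $t_0$ is no more an abstraction, it must be either $y$ or of the form $x\,t_1$ with $\vdash t_1 : N^\circ$. In 
the former case we have $t = 0^\circ$, while in the latter case we may apply the induction hypothesis to obtain 
$t_1 = n^\circ$ for some $n$. Hence $t = \lambda xy.x\,n^\circ = (n+1)^\circ$. □ 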

Let us come back to Figure 2. As usual, Church numerals $n^*, m^*$ can be multiplied by composition 
$n^* \circ m^* = \lambda f.n^*(m^* f)$. This can be repeated arbitrarily many but fixed times, so we naturally obtain terms 
$mult^*$ and $mon_n^*$ representing multiplication and the monomial $x \mapsto x^n$ of degree $n$. On the other hand, it is 
not possible to encode exponentiation, since it requires instantiation of $\alpha$ with a non-linear formula 
such as $N^*$, which is not allowed in DIAL$_{lin}$. 

Turning to the Scott numerals and words, observe that they are affine linear, and admit constant 
time successor $succ^\circ$ and predecessor $pred^\circ$ in contrast to Church. 

Every finite set of cardinality $n$ can be represented by $B_n^\circ$, and the tensor product of two linear 
formulas by $L \otimes M$. These allow us to linearly represent the decomposer $dec^\circ$, which works as follows: 
$dec^\circ((iw)^\circ) = b_i^\circ \otimes w^\circ$ for $i \in \{0, 1\}$ and $dec^\circ(\varepsilon^\circ) = b_2^\circ \otimes \varepsilon^\circ$. 

Given these building blocks, it is routine to encode the transition function of a Turing machine by a 
term of linear type $L \multimap L$. It can then be iterated by means of $iter^* : N^* \Rightarrow (L \multimap L) \Rightarrow (L \multimap L)$. Combining 
it with $mon_n^*$ and other "administrative" operations, we obtain an encoding of arbitrary polynomial 
time Turing machines. 
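
The following Python sketch is an added illustration, not part of the original paper: it implements the weak call-by-value cost model of Section 2.1 and uses it to check, on closed terms, the (identity) and (weakening) equations of Lemma 2.3, the constant cost of $succ^\circ$ and $pred^\circ$, and the growing cost of iterating $succ^\circ$ through a Church numeral. The helper names (`evaluate`, `ts`, `TO_SCOTT` for the term λn.n succ° 0°) are assumptions introduced here, and substitution is naive, which is sound only because every substituted value is closed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Var:
    name: str

@dataclass(frozen=True)
class Lam:
    var: str
    body: object

@dataclass(frozen=True)
class App:
    fun: object
    arg: object

def size(t):
    """|x| = 1, |λx.t| = |t| + 1, |tu| = |t| + |u|."""
    if isinstance(t, Var):
        return 1
    if isinstance(t, Lam):
        return size(t.body) + 1
    return size(t.fun) + size(t.arg)

def subst(t, x, v):
    """t[v/x] without renaming; safe here because v is always a closed value."""
    if isinstance(t, Var):
        return v if t.name == x else t
    if isinstance(t, Lam):
        return t if t.var == x else Lam(t.var, subst(t.body, x, v))
    return App(subst(t.fun, x, v), subst(t.arg, x, v))

def step(t):
    """One weak call-by-value step (never under a λ); None if t is a value or stuck."""
    if not isinstance(t, App):
        return None
    if isinstance(t.fun, Lam) and not isinstance(t.arg, App):  # (λx.t)v -> t[v/x]
        return subst(t.fun.body, t.fun.var, t.arg)
    s = step(t.fun)
    if s is not None:
        return App(s, t.arg)
    s = step(t.arg)
    return None if s is None else App(t.fun, s)

def evaluate(t):
    """Return ([[t]], Time(t)); a step t -> u costs max(|u| - |t|, 1)."""
    cost = 0
    while isinstance(t, App):
        u = step(t)
        if u is None:
            raise ValueError("stuck term")
        cost += max(size(u) - size(t), 1)
        t = u
    return t, cost

def ts(t):
    """TS(t) = Time(t) + |t|."""
    return evaluate(t)[1] + size(t)

def lam(names, body):
    """lam("x y", b) builds λx.λy.b."""
    for name in reversed(names.split()):
        body = Lam(name, body)
    return body

x, y, z, f, n_ = (Var(c) for c in "xyzfn")
IDENT = lam("x", x)
ZERO = lam("x y", y)                           # 0° = λxy.y
SUCC = lam("z x y", App(x, z))                 # succ° = λz.λxy.xz
PRED = lam("z", App(App(z, IDENT), ZERO))      # pred° = λz.z(λx.x)(0°)
TO_SCOTT = lam("n", App(App(n_, SUCC), ZERO))  # assumed helper: λn.n succ° 0°

def scott(k):
    """Scott numeral k°: (k+1)° = λxy.x(k°)."""
    return ZERO if k == 0 else lam("x y", App(x, scott(k - 1)))

def church(k):
    """Church numeral k* = λfx.f(...f(x)...)."""
    body = x
    for _ in range(k):
        body = App(f, body)
    return lam("f x", body)

def succ_pred_times(k):
    """(Time(succ° k°), Time(pred° (k+1)°)): both independent of k."""
    return evaluate(App(SUCC, scott(k)))[1], evaluate(App(PRED, scott(k + 1)))[1]

def conversion_time(k):
    """Time of turning the Church numeral k* into the Scott numeral k°."""
    return evaluate(App(TO_SCOTT, church(k)))[1]
```

Scott successor and predecessor cost the same number of steps whatever the numeral, while the Church-to-Scott conversion pays for the iteration and for the duplication of $succ^\circ$ when the Church numeral is applied.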

Theorem 2.5 (FP-completeness). For every polynomial time function $f : \{0, 1\}^* \to \{0, 1\}^*$, there exists 
a λ-term $t_f$ of type $W^* \Rightarrow W^\circ$ in DIAL$_{lin}$. Given $w \in \{0, 1\}^*$, we have $[\![t_f w^*]\!]_\beta = f(w)^\circ$. 

A couple of remarks are in order. 

• Both Church and Scott numerals/words can be generalized to lists, trees and their combinations. 
It is indeed an advantage of the polymorphic setting that there is a generic means to build various 
data types. Moreover, we may consider for instance the Church lists of Scott numerals. 

• In view of the fact that our system is derived from $1\lambda^p(W)$ of iW\, one may wonder whether it 
is possible to give a direct translation of $1\lambda^p(W)$ into DIAL$_{lin}$ for proving FP-completeness. It 
is, however, not straightforward because $1\lambda^p(W)$ is not sensitive to the distinction between linear 
and non-linear arrows, which is crucial for our system. In particular, our Church numerals only 
allow iteration of linear functions $L \multimap L$, while the Church numerals of $1\lambda^p(W)$ allow iteration 
of non-linear functions as well. 
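Church numerals and words: 

$N^* = \forall\alpha (\alpha \multimap \alpha) \Rightarrow (\alpha \multimap \alpha)$ 
$n^* = \lambda fx.f(\ldots f(x) \ldots)$ ($n$ times) 
$W^* = \forall\alpha (\alpha \multimap \alpha) \Rightarrow (\alpha \multimap \alpha) \Rightarrow (\alpha \multimap \alpha)$ 
$w^* = \lambda f_0.\lambda f_1.\lambda x.f_{i_1}(f_{i_2}(\ldots (f_{i_n}(x)) \ldots))$ 
$mult^* = \lambda xy.\lambda f.x(yf) : N^* \Rightarrow N^* \Rightarrow N^*$ 
$mon_n^* = \lambda x.\lambda f.x(\cdots (xf) \cdots) : N^* \Rightarrow N^*$ ($n$ times) 

Scott numerals and words: 

$N^\circ = \mu\beta\forall\alpha (\beta \multimap \alpha) \multimap (\alpha \multimap \alpha)$ 
$0^\circ = \lambda xy.y$ 
$(n+1)^\circ = \lambda xy.x(n^\circ)$ 
$succ^\circ = \lambda z.\lambda xy.xz : N^\circ \multimap N^\circ$ 
$pred^\circ = \lambda z.z(\lambda x.x)(0^\circ) : N^\circ \multimap N^\circ$ 
$W^\circ = \mu\beta\forall\alpha (\beta \multimap \alpha) \multimap (\beta \multimap \alpha) \multimap (\alpha \multimap \alpha)$ 
$\varepsilon^\circ = \lambda xyz.z$ 
$(0w)^\circ = \lambda xyz.x(w^\circ)$ 
$(1w)^\circ = \lambda xyz.y(w^\circ)$ 

Finite sets and tensor product: 

$B_n^\circ = \forall\alpha.\alpha \multimap \ldots \alpha \multimap \alpha$ ($n$ times) 
$b_i^\circ = \lambda x_0 \cdots x_{n-1}.x_i$ 
$L \otimes M = \forall\alpha.(L \multimap M \multimap \alpha) \multimap \alpha$ 
$t \otimes u = \lambda x.xtu$ ($t : L$, $u : M$) 

Decomposer and iteration: 

$dec^\circ = \lambda z.z(\lambda y.b_0^\circ \otimes y)(\lambda y.b_1^\circ \otimes y)(b_2^\circ \otimes \varepsilon^\circ) : W^\circ \multimap B_3^\circ \otimes W^\circ$ 
$iter^* = \lambda xfg.xfg : N^* \Rightarrow (L \multimap L) \Rightarrow (L \multimap L)$ 

Figure 2: Basic encodings 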

The rest of this paper is concerned with the converse of Theorem 2.5. Namely, we prove: 

Theorem 2.6 (FP-soundness). For every λ-term $t$ of type $W^* \Rightarrow W^\circ$, the associated function $f_t : \{0, 1\}^* \to 
\{0, 1\}^*$ defined by $f_t(w_1) = w_2 \iff [\![t w_1^*]\!]_\beta = w_2^\circ$ is a polynomial time function. 

Altogether, these two theorems ensure that the terms of type $W^* \Rightarrow W^\circ$ in DIAL$_{lin}$ precisely capture 
the class FP of polynomial time functions. 

3 Resource sensitive realizability 

We now develop a resource sensitive realizability semantics for DIAL$_{lin}$ inspired by [8]. It concerns 
the realizability relation $t, p \Vdash_\eta A$, where $A$ is a formula to be realized, $\eta$ is a valuation of propositional 
variables, and $t$ is a λ-term, called a realizer, that embodies the computational content of a given proof. 
The second component $p$ is a higher order (additive) polynomial, called a majorizer, that imposes a 
resource bound on $t$. Since we do not intend our model to be categorical, we do not include the denotation 
of $t$ in the realizability relation (in contrast to the length space of [8]). 

We then show the adequacy theorem, ensuring that DIAL$_{lin}$ is sound with respect to the realizability 
semantics. 



3.1 Higher order polynomials 

We begin with the description of majorizers, namely higher order polynomials. Actually they are just 
monotone additive terms (without multiplication), but we nevertheless call them polynomials, since they 
will indeed serve as polynomials bounding the runtime of realizers (see Theorem 4.2). Using higher 
order polynomials rather than first order ones will allow us to capture the difference between linear and 
non-linear formulas. 

Definition 3.1 (Higher order polynomials). We consider simple types $\sigma, \tau, \ldots$ defined by $\sigma ::= o \mid \tau \to \tau$, 
where $o$ is the only base type. A higher order polynomial $p$ is a λ-term built from constants $n : o$ (for 
every natural number $n$) and $+ : o \to o \to o$. More precisely, given a set $V(\sigma)$ of variables for each 
simple type $\sigma$, they are built as follows: 

$$\frac{x \in V(\sigma)}{x : \sigma} \qquad \frac{p : \sigma \to \tau \qquad q : \sigma}{pq : \tau} \qquad \frac{x \in V(\sigma) \qquad p : \tau}{\lambda x.p : \sigma \to \tau} \qquad \frac{}{n : o} \qquad \frac{}{+ : o \to o \to o}$$

We denote by $\Pi$ the set of closed higher order polynomials. 

The role of higher order polynomials is to impose a static, quantitative bound on realizers. Hence 
we identify them by βη-equivalence and natural arithmetical equivalences. For instance, we identify 
$x + y = y + x$ and $2 + 3 = 5$. We often write $p(q_1, \ldots, q_n)$ for $p q_1 \cdots q_n$. If $p : o$ and $c \in \mathbb{N}$, we write $cp$ 
for $p + \cdots + p$ ($c$ times). 

We extend addition to higher-order terms so that one can sum up two terms at least when one of the 
summands is of base type $o$. Formally, let $\tau = \tau_1 \to \ldots \to \tau_k \to o$ and $p : \tau$. If $q : o$, we denote by $p + q$ 
the term $\lambda x_1 \cdots x_k.(p(x_1, \ldots, x_k) + q)$. 

We also define a lowering operator which brings a higher order term down to a base type one. It will 
allow majorizers of higher order type to bound concrete resources such as time and size. 

$$0_\tau = \lambda x_1 \cdots x_k.0, \quad \text{where } \tau = \tau_1 \to \ldots \to \tau_k \to o;$$
$$\downarrow p = p\,0_{\tau_1} \cdots 0_{\tau_k}, \quad \text{where } p : \tau = \tau_1 \to \ldots \to \tau_k \to o.$$

Observe that $\downarrow p$ is a natural number if $p$ is a closed higher order polynomial. Notice also that $\downarrow p = p$ if 
$p : o$. 

Formulas of DIAL$_{lin}$ are mapped to types of higher order polynomials as follows: 

$$o(L) = o, \qquad o(L \multimap A) = o(A), \qquad o(A \Rightarrow B) = o(A) \to o(B), \qquad o(\forall\alpha A) = o(A).$$

Thus all linear formulas collapse to $o$, while non-linear formulas retain the structure given by non-linear 
arrows. 

Remark 3.2. Consider the structure $(\Pi, +, \le, D)$ where $p_1 + p_2$ is a partial operation defined only when one of 
the $p_i$ is of type $o$, $p \le q$ iff $\downarrow p \le \downarrow q$ and $D(p, q) = \downarrow q - \downarrow p$. Then this structure gives rise to a partial resource 
monoid, namely a partial monoid that satisfies all the axioms of resource monoids given by lEl. 

It would be desirable to have a total resource monoid so that the basic results of HI would be reused 
for our purpose. However, we have no idea how to do that coherently. This problem is related to the 
above mentioned restriction on DIAL$_{lin}$ that the premise of a linear implication must be a linear formula. 

3.2 Realizability relation 

We are now ready to introduce the realizability relation. Intuitively, $t, p \Vdash A$ signifies that $A$ is the 
specification of $t$ and $p$ majorizes the potential cost for evaluating $t$ when it is applied to some arguments. 
Let us begin with some notations. 

• $\vec{x}, \vec{t}, \vec{A}$ stand for (possibly empty) lists of variables, terms and formulas, respectively. 

• $t(u_1/x_1, \ldots, u_n/x_n)$ denotes the term $(\lambda x_1 \cdots x_n.t)u_1 \cdots u_n$. 



A. Brunel & K. Terui 

• $\theta, \xi$ stand for lists of binding expressions; for instance, $\theta = u_1/x_1, \ldots, u_n/x_n$ with $x_1, \ldots, x_n$ distinct. 
This allows us to concisely write $t(\theta)$ for $t(u_1/x_1, \ldots, u_n/x_n) = (\lambda x_1 \cdots x_n.t)u_1 \cdots u_n$. 

Definition 3.3. (Saturated sets) Let $\tau$ be a type for higher order polynomials. A nonempty set $X \subseteq \Lambda \times \Pi$ 
is a saturated set of type $\tau$ if whenever $(t, p) \in X$, we have $t \Downarrow$, $p$ is a closed higher order polynomial of 
type $\tau$ and the following hold: 

(bound) $TS(t) \le \downarrow p$. 

(monotonicity) $(t, p + n) \in X$ for every $n \in \mathbb{N}$. 

(exchange) If $t = t_0(\theta, v_1/y_1, v_2/y_2, \xi)u$, then $(t_0(\theta, v_2/y_2, v_1/y_1, \xi)u,\ p) \in X$. 

(weakening) If $t = t_0(\theta)u$, $z \notin FV(t_0)$ and $w \Downarrow$, then $(t_0(\theta, w/z)u,\ p + TS(w) + 2) \in X$. 

(contraction) If $t = t_0(\theta, w/z_1, w/z_2)u$, then $(t_0[z/z_1, z/z_2](\theta, w/z)u,\ p) \in X$. 

(concatenation) If $t = (t_0(\theta))(t_1(\xi))u$, then $((t_0 t_1)(\theta, \xi)u,\ p) \in X$. 

(identity) If $t = t_0 u$, then $((x(t_0/x))u,\ p + 3) \in X$. 

By Lemma 2.3 (size), condition (bound) implies that $|[\![t]\!]| \le \downarrow p$. Note that condition (weakening) 
asks for an additional cost $TS(w) + 2$. This is due to our computational model: weak call-by-value 
reduction $(\lambda x.t)w \to t[w/x]$ requires that $w$ is a value, even when $x \notin FV(t)$. 

We have to show that there exists at least one saturated set. The following proposition gives the 
canonical one. 

Proposition 3.4. $X_0 = \{(t, n) : t \Downarrow \text{ and } TS(t) \le n\}$ is the greatest saturated set of type $o$. 

Proof. Conditions (bound) and (monotonicity) hold by definition. The other conditions follow from 
Lemma 2.3. $X_0$ is obviously greatest. □ 

A valuation $\eta$ maps each propositional variable $\alpha$ to a saturated set $\eta(\alpha)$ of type $o$. $\eta\{\alpha \leftarrow X\}$ 
stands for a valuation which agrees with $\eta$ except that it assigns $X$ to $\alpha$. 

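Definition 3.5. (Realizability) We define the relation $t, p \Vdash_\eta A$, where $t \in \Lambda$ (called realizer), $p$ is a 
closed higher order polynomial of type $o(A)$ (called majorizer) and $\eta$ is a valuation. It induces the set 
$A_\eta = \{(t, p) : t, p \Vdash_\eta A\}$. The definition proceeds by induction on $A$. 

• $t, n \Vdash_\eta \alpha$ iff $(t, n) \in \eta(\alpha)$. 

• $t, p \Vdash_\eta L \multimap A$ iff $TS(t) \le \downarrow p$ and $u, m \Vdash_\eta L$ implies $tu, p + m \Vdash_\eta A$ for every $u, m$. 

• $t, p \Vdash_\eta B \Rightarrow A$ iff $TS(t) \le \downarrow p$ and $u, q \Vdash_\eta B$ implies $tu, p(q) \Vdash_\eta A$ for every $u, q$. 

• $t, p \Vdash_\eta \forall\alpha A$ iff $t, p \Vdash_{\eta\{\alpha \leftarrow X\}} A$ for every saturated set $X$ of type $o$. 

• $t, p \Vdash_\eta \mu\alpha L$ iff $(t, p) \in X$ for every saturated set $X$ of type $o$ such that $L_{\eta\{\alpha \leftarrow X\}} \subseteq X$. 

Lemma 3.6. 

1. For every formula $A$, $A_\eta = \{(t, p) : t, p \Vdash_\eta A\}$ is a saturated set of type $o(A)$. 

2. For every $A$ and $L$, we have $t, p \Vdash_\eta A[L/\alpha]$ iff $t, p \Vdash_{\eta\{\alpha \leftarrow L_\eta\}} A$. 

3. If $t, p \Vdash_\eta \forall\alpha A$, then $t, p \Vdash_\eta A[L/\alpha]$ for every linear formula $L$. 

4. $\mu\alpha L_\eta$ is the least fixpoint of $f(X) = L_{\eta\{\alpha \leftarrow X\}}$. 

5. $t, p \Vdash_\eta \mu\alpha L$ iff $t, p \Vdash_\eta L[\mu\alpha L/\alpha]$. 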
Proof. 1 and 2. By induction on $A$, noting that any non-empty intersection of saturated sets is again 
saturated. 

3. By 1 and 2. 

4. Notice that $f$ is a monotone function since $\alpha$ occurs only positively in $L$. Call a saturated set $X$ of type 
$o$ a prefixpoint of $f$ if $f(X) \subseteq X$. Then $\mu\alpha L_\eta$ is the infimum of all prefixpoints of $f$. So $\mu\alpha L_\eta \subseteq X$ for 
every prefixpoint $X$, and by monotonicity $f(\mu\alpha L_\eta) \subseteq f(X) \subseteq X$. Since $\mu\alpha L_\eta$ is the infimum of all such 
$X$'s, we obtain $f(\mu\alpha L_\eta) \subseteq \mu\alpha L_\eta$. Applying monotonicity again, we get $f(f(\mu\alpha L_\eta)) \subseteq f(\mu\alpha L_\eta)$, so 
$f(\mu\alpha L_\eta)$ is a prefixpoint of $f$. Hence $\mu\alpha L_\eta \subseteq f(\mu\alpha L_\eta)$. 

5. By 2 and 4, $t, p \Vdash_\eta \mu\alpha L$ iff $(t, p) \in \mu\alpha L_\eta$ iff $(t, p) \in f(\mu\alpha L_\eta)$ iff $t, p \Vdash_{\eta\{\alpha \leftarrow \mu\alpha L_\eta\}} L$ iff $t, p \Vdash_\eta 
L[\mu\alpha L/\alpha]$. □ 

3.3 Adequacy theorem 

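The adequacy theorem is the crux of this paper. It states that DIAL$_{lin}$ is sound with respect to the 
realizability semantics we have introduced. 

Theorem 3.7 (Adequacy). Suppose that $\vec{x} : \vec{C}; \vec{y} : \vec{M} \vdash t : A$ is derivable. Then there exists a higher order 
polynomial $p(\vec{x}) : o(A)$ with variables $\vec{x}$ of type $o(\vec{C})$ such that for any valuation $\eta$ we have the following. 

$$\vec{u}, \vec{q} \Vdash_\eta \vec{C}, \quad \vec{s}, \vec{m} \Vdash_\eta \vec{M} \implies t(\vec{u}/\vec{x}, \vec{s}/\vec{y}),\ p(\vec{q}) + \vec{m} \Vdash_\eta A.$$

Moreover, if $\vec{x} = x_1, \ldots, x_a$ and each $x_i$ occurs $c_i$ times in $t$, then 

$$(*) \qquad |t| + c_1 {\downarrow q_1} + \cdots + c_a {\downarrow q_a} \le \downarrow p(\vec{q}).$$

We call the above $p(\vec{x})$ a majorizer of $\vec{x} : \vec{C}; \vec{y} : \vec{M} \vdash t : A$. 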

Proof. By induction on the length of the derivation. We omit the cases for $\forall$ and $\mu$, since they easily 
follow from Lemma 3.6. Accordingly, we do not specify the valuation $\eta$, simply writing $\Vdash$ for $\Vdash_\eta$. We 
distinguish the last inference rule of the derivation. 

Case (ax1): For $x : A; \vdash x : A$, take $p(x) = x + 3$ as the majorizer. Condition (*) obviously holds. 

If $u, q \Vdash A$, then condition (identity) for saturated sets implies $x(u/x), q + 3 \Vdash A$, namely $x(u/x), p(q) \Vdash 
A$. 

Case (ax2): For $; y : L \vdash y : L$, take $p = 3$ as the majorizer. 

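Case ($\multimap_e$): 

$$\frac{\vec{x}_1 : \vec{C}_1; \vec{y}_1 : \vec{M}_1 \vdash t_1 : L \multimap A \qquad \vec{x}_2 : \vec{C}_2; \vec{y}_2 : \vec{M}_2 \vdash t_2 : L}{\vec{x}_1 : \vec{C}_1, \vec{x}_2 : \vec{C}_2; \vec{y}_1 : \vec{M}_1, \vec{y}_2 : \vec{M}_2 \vdash t_1 t_2 : A}$$

By the induction hypothesis, we have majorizers $p_1(\vec{x}_1) : o(L \multimap A)$ and $p_2(\vec{x}_2) : o(L)$ of the left and 
right premises, respectively. We claim that $p(\vec{x}_1, \vec{x}_2) = p_1(\vec{x}_1) + p_2(\vec{x}_2)$ is the suitable majorizer of the 
conclusion. Notice that $p_2(\vec{x}_2)$ is of type $o$, so that the addition is well defined. Condition (*) follows by 
the induction hypothesis. 

Suppose that $\vec{u}_i, \vec{q}_i \Vdash \vec{C}_i$ and $\vec{s}_i, \vec{m}_i \Vdash \vec{M}_i$ for $i = 1, 2$ and write $\theta_i$ for the list $\vec{u}_i/\vec{x}_i, \vec{s}_i/\vec{y}_i$. 
Then the induction hypothesis yields $t_1(\theta_1), p_1(\vec{q}_1) + \vec{m}_1 \Vdash L \multimap A$ and $t_2(\theta_2), p_2(\vec{q}_2) + \vec{m}_2 \Vdash L$. Hence 
by the definition of realizability, $t_1(\theta_1) t_2(\theta_2),\ p_1(\vec{q}_1) + p_2(\vec{q}_2) + \vec{m}_1 + \vec{m}_2 \Vdash A$, so by conditions (concatenation) 
and (exchange), $(t_1 t_2)(\vec{u}_1/\vec{x}_1, \vec{u}_2/\vec{x}_2, \vec{s}_1/\vec{y}_1, \vec{s}_2/\vec{y}_2),\ p(\vec{q}_1, \vec{q}_2) + \vec{m}_1 + \vec{m}_2 \Vdash A$ as required. 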
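Case ($\Rightarrow_e$): 

$$\frac{\vec{x}_1 : \vec{C}_1; \vec{y} : \vec{M} \vdash t_1 : B \Rightarrow A \qquad \vec{x}_2 : \vec{C}_2; \vdash t_2 : B}{\vec{x}_1 : \vec{C}_1, \vec{x}_2 : \vec{C}_2; \vec{y} : \vec{M} \vdash t_1 t_2 : A}$$

By the induction hypothesis, we have majorizers $\lambda z.p_1(\vec{x}_1, z) : o(B) \to o(A)$ and $p_2(\vec{x}_2) : o(B)$ of the left 
and right premises, respectively. We claim that $p(\vec{x}_1, \vec{x}_2) = p_1(\vec{x}_1, p_2(\vec{x}_2))$ is the suitable majorizer of the 
conclusion. As before, condition (*) holds. 

Suppose that $\vec{u}_i, \vec{q}_i \Vdash \vec{C}_i$ for $i = 1, 2$, $\vec{s}, \vec{m} \Vdash \vec{M}$, and write $\theta_1 = \vec{u}_1/\vec{x}_1, \vec{s}/\vec{y}$ and $\theta_2 = \vec{u}_2/\vec{x}_2$. Then the 
induction hypothesis yields $t_1(\theta_1),\ \lambda z.p_1(\vec{q}_1, z) + \vec{m} \Vdash B \Rightarrow A$ and $t_2(\theta_2), p_2(\vec{q}_2) \Vdash B$. Hence $t_1(\theta_1) t_2(\theta_2),\ 
p_1(\vec{q}_1, p_2(\vec{q}_2)) + \vec{m} \Vdash A$. So by conditions (concatenation) and (exchange), $(t_1 t_2)(\vec{u}_1/\vec{x}_1, \vec{u}_2/\vec{x}_2, \vec{s}/\vec{y}),\ 
p(\vec{q}_1, \vec{q}_2) + \vec{m} \Vdash A$ as required. 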

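Case ($\multimap_i$): 

$$\frac{\vec{x} : \vec{C}; \vec{y} : \vec{M}, z : L \vdash t : A}{\vec{x} : \vec{C}; \vec{y} : \vec{M} \vdash \lambda z.t : L \multimap A}$$

By the induction hypothesis, we have a majorizer $p_0(\vec{x}) : o(A)$ of the premise. We claim that $p(\vec{x}) = 
p_0(\vec{x}) + d$ with constant $d$ specified below is the suitable majorizer of the conclusion. Condition (*) 
holds if $d \ge 1$. 

Suppose that $\vec{u}, \vec{q} \Vdash \vec{C}$, $\vec{s}, \vec{m} \Vdash \vec{M}$ and write $\theta = \vec{u}/\vec{x}, \vec{s}/\vec{y}$. Then whenever $w, k \Vdash L$, the induction 
hypothesis gives us $t(\theta, w/z),\ p_0(\vec{q}) + \vec{m} + k \Vdash A$. By (monotonicity), $t(\theta, w/z),\ p(\vec{q}) + \vec{m} + k \Vdash A$, namely, 
$w, k \Vdash L$ implies $(\lambda z.t)(\theta) w,\ p(\vec{q}) + \vec{m} + k \Vdash A$. 

Hence it just remains to verify that $((\lambda z.t)(\theta),\ p(\vec{q}) + \vec{m})$ satisfies condition (bound). Suppose that 
$\vec{x} = x_1, \ldots, x_a$ and each $x_i$ occurs at most $c_i$ times in $t$. We assume that $c_i \ge 2$ for $i = 1, \ldots, a$; the case 
$c_i = 0, 1$ can be easily treated by choosing $d$ large enough. We have 

$$(\lambda z.t)(\theta) = (\lambda \vec{x}\vec{y}z.t)\vec{u}\vec{s} \xrightarrow{n_1} (\lambda \vec{x}\vec{y}z.t)[\![\vec{u}]\!][\![\vec{s}]\!] \xrightarrow{n_2} (\lambda \vec{y}z.t[[\![\vec{u}]\!]/\vec{x}])[\![\vec{s}]\!] \xrightarrow{n_3} \lambda z.t[[\![\vec{u}]\!]/\vec{x}, [\![\vec{s}]\!]/\vec{y}]$$

where $n_1 = Time(\vec{u}) + Time(\vec{s})$, $n_3 \le d_1 =$ the length of the list $\vec{y}$, and $n_2 = |\lambda \vec{y}z.t[[\![\vec{u}]\!]/\vec{x}]| - |(\lambda \vec{x}\vec{y}z.t)[\![\vec{u}]\!]| 
\le (c_1 - 1)|[\![u_1]\!]| + \cdots + (c_a - 1)|[\![u_a]\!]| \le (c_1 - 1)TS(u_1) + \cdots + (c_a - 1)TS(u_a)$ by Lemmas 2.3 and 2.1. 
Hence 

$$TS((\lambda z.t)(\theta)) = Time((\lambda \vec{x}\vec{y}z.t)\vec{u}\vec{s}) + |(\lambda \vec{x}\vec{y}z.t)\vec{u}\vec{s}|$$
$$\le Time(\vec{u}) + Time(\vec{s}) + (c_1 - 1)TS(u_1) + \cdots + (c_a - 1)TS(u_a) + d_1 + |t| + |\vec{u}| + |\vec{s}| + d_2$$
$$= |t| + c_1 TS(u_1) + \cdots + c_a TS(u_a) + TS(\vec{s}) + d_1 + d_2,$$

where $d_2$ is the length of $\vec{x}\vec{y}z$. Because of $TS(\vec{u}) \le \downarrow \vec{q}$, $TS(\vec{s}) \le \vec{m}$ and condition (*), we obtain $TS((\lambda z.t)(\theta)) 
\le p(\vec{q}) + \vec{m}$ by letting $d = d_1 + d_2$. We therefore conclude $(\lambda z.t)(\theta),\ p(\vec{q}) + \vec{m} \Vdash L \multimap A$. 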

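Case ($\Rightarrow_i$): 

$$\frac{\vec{x} : \vec{C}, z : B; \vec{y} : \vec{M} \vdash t : A}{\vec{x} : \vec{C}; \vec{y} : \vec{M} \vdash \lambda z.t : B \Rightarrow A}$$

By the induction hypothesis, we have a majorizer $p_0(\vec{x}, z) : o(A)$ of the premise. We claim that $p(\vec{x}) = 
\lambda z.p_0(\vec{x}, z) + d : o(B) \to o(A)$ with $d$ a large enough constant is the suitable majorizer of the conclusion. 
The proof is just the same as above. 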

Case (Contr): 

$$\frac{z_1 : B, z_2 : B, \vec{x} : \vec{C}; \vec{y} : \vec{M} \vdash t : A}{z : B, \vec{x} : \vec{C}; \vec{y} : \vec{M} \vdash t[z/z_1, z/z_2] : A}$$

By the induction hypothesis, we have a majorizer $p_0(z_1, z_2, \vec{x}) : o(A)$ of the premise. We can prove that 
$p(z, \vec{x}) = p_0(z, z, \vec{x})$ is the suitable majorizer of the conclusion by using condition (contraction). 

Case (Weak): 

$$\frac{\vec{x} : \vec{C}; \vec{y} : \vec{M} \vdash t : A}{\vec{x} : \vec{C}; \vec{y} : \vec{M}, z : L \vdash t : A}$$

By the induction hypothesis, we have a majorizer $p_0(\vec{x}) : o(A)$ of the premise. We can prove that 
$p_0(\vec{x}) + 2 : o(A)$ works for the conclusion by using condition (weakening). 



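Case (Derel): 

$$\frac{\vec{x} : \vec{C}; \vec{y} : \vec{M}, z : L \vdash t : A}{\vec{x} : \vec{C}, z : L; \vec{y} : \vec{M} \vdash t : A}$$

By the induction hypothesis, we have a majorizer $p_0(\vec{x}) : o(A)$ of the premise. Then it is easy to see that 
$p(\vec{x}, z) = p_0(\vec{x}) + z$ works as a majorizer of the conclusion. □ 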

4 Polynomial time soundness 

In this section, we apply the adequacy theorem to prove that every term $t$ of type $W^* \Rightarrow L$ (with $L$ a Scott 
data type) represents a polynomial time function. There is, however, a technical problem due to the use 
of the weak call-by-value strategy. Since it does not reduce under $\lambda$, if $t$ is of the form $t = \lambda xy.t'$, then 
the evaluation of $t\,w^*$ gets stuck after the first reduction. 

The problem can be settled by a little trick when $L$ is fixpoint-free, e.g., L = Bj (Subsection 4.1). 
However, the case when $L = W^\circ$ is not so easy. The main difficulty is that, although each bit of the 
output Scott word can be computed in polynomial time, its length is not yet ensured to be polynomial. 
The length cannot be detected by weak call-by-value; it rather depends on the size of the β-normal form. 
We are thus compelled to develop another realizability argument based on the β-normal form, which 
indeed ensures that the output is of polynomial length (Subsection 4.2). We will then be able to prove 
the polynomial time soundness for the Scott words (Subsection 4.3). 

4.1 Polynomial time soundness for predicates 

We first observe that Church numerals and words are bounded by linear majorizers. 
Lemma 4.1.

1. For every $n \in N$, we have $n^{*}, p_n \Vdash N^{*}$ with $p_n = \lambda z.n(z + 3) + 3 : o \to o$.

2. For every $w \in \{0,1\}^n$, we have $w^{*}, q_n \Vdash W^{*}$ with $q_n = \lambda z_0 z_1.n(z_0 + z_1 + 3) + 3 : o \to o \to o$.

Proof. Since both are similar, we only prove the statement 1. We assume $n \ge 1$, since the case $n = 0$ is
easy. Let $\eta$ be a valuation, $u, m \Vdash_\eta \alpha \multimap \alpha$ and $v, k \Vdash_\eta \alpha$.

By condition (identity), we have $x(v/x), k + 3 \Vdash_\eta \alpha$ and $f_i(u/f_i), m + 3 \Vdash_\eta \alpha \multimap \alpha$ for any variable
$f_i$. So $f_1(u/f_1)(\cdots(f_n(u/f_n)x(v/x))\cdots),\ n(m + 3) + k + 3 \Vdash_\eta \alpha$. By (concatenation) and (contraction),
$f^n x(u/f, v/x),\ n(m + 3) + k + 3 \Vdash_\eta \alpha$. By noting that $f^n x(u/f, v/x) = (\lambda fx.f^n x)uv$, we obtain
$\lambda fx.f^n x,\ \lambda z.n(z + 3) + 3 \Vdash_\eta (\alpha \multimap \alpha) \Rightarrow (\alpha \multimap \alpha)$. □

These linear majorizers are turned into polynomial ones when applied to majorizers of higher order 
type. As a consequence, we obtain a polynomial bound on the execution time. 

Theorem 4.2 (Weak soundness). Let $L$ be a linear formula. If $\vdash t : W^{*} \Rightarrow L$, then there exists a polynomial
$P$ such that for every $w \in \{0,1\}^{*}$, $Time(t\,w^{*}) \le P(|w|)$.

Proof. By the adequacy theorem, we have a majorizer $\lambda x.p(x) : o(W^{*} \Rightarrow L) = (o \to o \to o) \to o$ such
that $t, \lambda x.p(x) \Vdash W^{*} \Rightarrow L$. Let $w \in \{0,1\}^n$. By the lemma above, we have $w^{*}, q_n \Vdash_\eta W^{*}$. Hence by the
definition of realizability, $t\,w^{*}, p(q_n) \Vdash L$.

We prove that $p(q_n) : o$ is a polynomial in $n$ by induction on the structure of the term $p(x)$. We
suppose that $p(x)$ is in $\beta$ normal form.

If $p(x) = k$, then $p(q_n) = k$ is a constant and obviously a polynomial in $n$. If $p(x) = p_1(x) + p_2(x)$,
then by the induction hypothesis $p_1(q_n)$ and $p_2(q_n)$ are polynomials in $n$, so is $p(q_n)$. Otherwise,
$p(x)$ must be of the form $x\,p_1(x)\,p_2(x)$ since $x$ is the only free variable and of type $o \to o \to o$. By
the induction hypothesis, $p_1(q_n)$ and $p_2(q_n)$ are polynomials in $n$. So $p(q_n) = q_n(p_1(q_n), p_2(q_n)) =
n(p_1(q_n) + p_2(q_n) + 3) + 3$ is still a polynomial in $n$.

By condition (bound), we conclude that $Time(t\,w^{*})$ is bounded by $p(q_n)$, a polynomial in $n$. □

This in particular implies that every term of type $W^{*} \Rightarrow B_2$ represents a polynomial time predicate.

Corollary 4.3 (P-soundness for predicates). If $t : W^{*} \Rightarrow B_2$, then the predicate $f_t : \{0,1\}^{*} \to \{0,1\}$
defined by $f_t(w) = 1 \Leftrightarrow [\![t\,w^{*}]\!]_\beta = b_1^{\circ}$ is a polynomial time predicate.

Proof. Observe that $\lambda x.t\,x\,b_0^{\circ}\,b_1^{\circ} : W^{*} \Rightarrow B_2$ and for every $w \in \{0,1\}^{*}$ the term $(\lambda x.t\,x\,b_0^{\circ}\,b_1^{\circ})w^{*}$ reduces to
either $b_0^{\circ}$ or $b_1^{\circ}$ by the weak call-by-value strategy (see the proof of Lemma 4.8). By the previous theorem,
the runtime is bounded by a polynomial. □

4.2 Size realizability 

As explained in the beginning of this section, the previous realizability semantics does not tell anything
about the length of the output Scott words. We thus introduce another realizability semantics based on
the (applicative) size of $\beta$-normal forms. Due to lack of space, we can only state the definitions and the
result.

Let $\#t$ be the number of applications in $t$, which is more precisely defined by:

$$\#x = 0, \qquad \#(tu) = \#t + \#u + 1, \qquad \#\lambda x.t = \#t.$$

$\#t$ is not relevant for bounding the size of $t$ in general (think of $t = \lambda x_1 \cdots x_{100}.x_1$; we have $\#t = 0$).
However, when $t$ is a Scott word, $\#t$ exactly corresponds to the length of the word represented by $t$.

Definition 4.4 (Size-saturated sets). Let $\tau$ be a type for higher order polynomials. A nonempty set
$X \subseteq \Lambda \times \Pi$ is a size-saturated set of type $\tau$ if whenever $(t, p) \in X$, $t$ is normalizable, $p$ is a closed higher
order polynomial of type $\tau$ and the following hold:

(bound') $\#[\![t]\!]_\beta \le \downarrow p$.

(weak') if $t = t_0(\theta)u$ and $z \notin FV(t_0)$, then $(t_0(\theta, w/z)u, p) \in X$.

(identity') if $t = t_0 u$, then $((x(t_0/x))u, p) \in X$.

We also require conditions (monotonicity), (exchange), (contraction), (concatenation) of Definition 3.5
and finally,

(variable) $(\star, 0_\tau) \in X$, where $\star$ is a fixed variable.

Condition (variable) employs a fixed variable $\star$ (considered as an inert object), that helps us to deal
with open terms. Notice that it contradicts the previous condition (bound); that is one reason why we
have to consider size realizability separately from the previous one.

As before, we have the greatest size-saturated set of type $o$: $X_o = \{(t, n) : \#[\![t]\!]_\beta \le n\}$. A valuation $\eta$
is now supposed to map each propositional variable to a size-saturated set of type $o$.

Definition 4.5 (Size realizability). We define the relation $t, p \Vdash^{s}_{\eta} A$ as in Definition 3.5 except that

• $t, p \Vdash^{s}_{\eta} L \multimap A$ iff either $t = \star$ (and $p$ is arbitrary), or $u, m \Vdash^{s}_{\eta} L$ implies $tu, p + m \Vdash^{s}_{\eta} A$ for every
$u, m$.

• $t, p \Vdash^{s}_{\eta} B \Rightarrow A$ iff either $t = \star$, or $u, q \Vdash^{s}_{\eta} B$ implies $tu, p(q) \Vdash^{s}_{\eta} A$ for every $u, q$.

One can then verify that for every formula $A$ and valuation $\eta$, the set $A_\eta = \{(t, p) : t, p \Vdash^{s}_{\eta} A\}$ is a
size-saturated set of type $o(A)$.

Theorem 4.6 (Size adequacy). Suppose that $\vec{x} : \vec{C};\ \vec{y} : \vec{M} \vdash t : A$ is derivable. Then there exists a higher
order polynomial $p(\vec{x}) : o(A)$ such that for any valuation $\eta$ we have the following.

$$\vec{u}, \vec{q} \Vdash^{s}_{\eta} \vec{C},\quad \vec{v}, \vec{m} \Vdash^{s}_{\eta} \vec{M} \implies t(\vec{u}/\vec{x}, \vec{v}/\vec{y}),\ p(\vec{q}) + \vec{m} \Vdash^{s}_{\eta} A.$$

Theorem 4.7 (Size soundness). If $\vdash t : W^{*} \Rightarrow L$, then there exists a polynomial $P$ such that
$\#[\![t\,w^{*}]\!]_\beta \le P(|w|)$ for every $w \in \{0,1\}^{*}$.

4.3 Polynomial time soundness for words 



As in the proof of Corollary 4.3 we use a little trick. First note that we have a predecessor
$p^{\circ} = \lambda z.z(\lambda x.x)(\lambda x.x)(\varepsilon^{\circ}) : W^{\circ} \multimap W^{\circ}$. By employing it, we define

$$q^{\circ} = \lambda x.x(\lambda y.b_0^{\circ})(\lambda y.b_1^{\circ})b_2^{\circ} : W^{\circ} \multimap B_3, \qquad bit_i^{\circ} = \lambda x.q^{\circ}(\underbrace{p^{\circ} \cdots p^{\circ}}_{i\ \text{times}}(x)) : W^{\circ} \multimap B_3.$$

Lemma 4.8. Suppose that $t$ is a closed term of type $W^{\circ}$ and $[\![t]\!]_\beta$ represents a word $w \in \{0,1\}^n$ of length
$n$. Then for any $i < n$, $[\![bit_i^{\circ}(t)]\!] = b_0^{\circ}$ or $b_1^{\circ}$ depending on the $i$th bit of $w$. If $i \ge n$, $[\![bit_i^{\circ}(t)]\!] = b_2^{\circ}$.

Proof. The crucial fact is that given a closed term $u$ of type $W^{\circ}$, $q^{\circ}u$ always evaluates to $b_j^{\circ}$ for some
$j \in \{0, 1, 2\}$ by the weak call-by-value strategy. To see this, take a fresh propositional variable $\gamma$, variables
$z_0, z_1, z_2$, and consider $q^{\circ} = \lambda x.x(\lambda y.z_0)(\lambda y.z_1)z_2 : W^{\circ} \multimap \gamma$. Since $q^{\circ}u$ is of type $\gamma$, so is $[\![q^{\circ}u]\!]$ by the
subject reduction property. Hence it cannot be an abstraction. It cannot either be an application, since the
only possible head variables are $z_0$, $z_1$ and $z_2$ of atomic type $\gamma$. Therefore $[\![q^{\circ}u]\!] = z_j$ for some $j \in \{0, 1, 2\}$.
By substituting $b_j^{\circ}$ for $z_j$, we obtain $[\![q^{\circ}u]\!] = b_j^{\circ}$. Now the claim is easily verified. □

Finally we are able to prove the polynomial time soundness for words. 

Theorem 2.6 (FP-soundness). For every $\lambda$-term $t$ of type $W^{*} \Rightarrow W^{\circ}$, the associated function
$f_t : \{0,1\}^{*} \to \{0,1\}^{*}$ defined by $f_t(w_1) = w_2 \Leftrightarrow [\![t\,w_1^{*}]\!]_\beta = w_2^{\circ}$ is a polynomial time function.

Proof. By the adequacy theorem, we have $t, \lambda x.p(x) \Vdash W^{*} \Rightarrow W^{\circ}$ for some $\lambda x.p(x) : o(W^{*}) \to o$.

We also have $p^{\circ}, k \Vdash W^{\circ} \multimap W^{\circ}$ and $q^{\circ}, k' \Vdash W^{\circ} \multimap B_3$ for some constants $k, k'$, from which we easily
obtain $\lambda x.bit_i^{\circ}(tx),\ \lambda x.p(x) + ik + k'' \Vdash W^{*} \Rightarrow B_3$ for some constant $k'' > k'$.

By inspecting the proof of Theorem 4.2 we obtain a polynomial $P(x)$ such that $Time(bit_i^{\circ}(t\,w^{*})) \le
P(|w|) + ik$ for every $w \in \{0,1\}^n$ and every $i \in N$. Furthermore, Theorem 4.7 gives a polynomial $Q(x)$
such that $\#[\![t\,w^{*}]\!]_\beta \le Q(|w|)$, that implies that the Scott term $[\![t\,w^{*}]\!]_\beta$ represents a word of length at most
$Q(|w|)$.

Now the desired word $f_t(w)$ can be obtained by computing the values of $bit_0^{\circ}(t\,w^{*})$, $bit_1^{\circ}(t\,w^{*})$, $bit_2^{\circ}(t\,w^{*})$,
. . . until we obtain $[\![bit_m^{\circ}(t\,w^{*})]\!] = b_2^{\circ}$. We know that $m \le Q(|w|)$. Hence the overall runtime is $R(|w|)$ with
R{x) = 0{{P{x) + Qix))"^ ■ Q{x)) in view of TheoremEI] D 
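
The bit-by-bit readout used in this proof can be played out on Scott words written as curried Python closures. This is an added example, not part of the paper; the argument order of a Scott word (handler for head 0, handler for head 1, value for the empty word) and the use of the integers 0, 1, 2 in place of b_0, b_1, b_2 are assumptions.

```python
# Scott-encoded binary words as curried closures (constructed example).
# Assumption: a word takes a handler for head 0, a handler for head 1 and a
# value for the empty word, matching how p° and q° apply their argument.

EPS = lambda f0: lambda f1: lambda x: x          # the empty word ε°

def cons(bit, tail):
    """Scott word whose first bit is `bit` and whose remainder is `tail`."""
    return lambda f0: lambda f1: lambda x: (f1 if bit else f0)(tail)

def scott(bits):
    """Build the Scott encoding of a list of 0/1 values."""
    word = EPS
    for b in reversed(bits):
        word = cons(b, word)
    return word

# p° = λz. z (λx.x) (λx.x) ε° : drops the first bit and maps ε° to ε°.
pred = lambda z: z(lambda x: x)(lambda x: x)(EPS)

# q° = λx. x (λy.b0) (λy.b1) b2 : inspects only the head of the word.
B0, B1, B2 = 0, 1, 2                             # stand-ins for b_0, b_1, b_2
head = lambda x: x(lambda y: B0)(lambda y: B1)(B2)

def bit(i, word):
    """bit_i = λx. q°(p°(... p°(x))) with i predecessors."""
    for _ in range(i):
        word = pred(word)
    return head(word)

def read_out(word, max_len):
    """Evaluate bit_0, bit_1, ... until b2 appears, as in the proof.

    `max_len` plays the role of the length bound Q(|w|). The second return
    value counts predecessor applications; every bit_i restarts from the
    whole word, so the count is m(m+1)/2 for a word of length m.
    """
    bits, preds = [], 0
    for i in range(max_len + 1):
        b = bit(i, word)
        preds += i
        if b == B2:
            return bits, preds
        bits.append(b)
    raise ValueError("word longer than the supplied bound")
```

Without the bound the loop has no a priori stopping point, which is the role size soundness plays in the proof.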
5 Concluding remarks

Inspired by [18], we have introduced a purely logical system $DIAL_{lin}$ that captures precisely the class of
polynomial time functions. To prove soundness, we have introduced a simple variant of the Hofmann-Dal
Lago realizability. Here is a non-exhaustive list of the remaining open questions related to this work:

• Can we, instead of using a dual type system, directly deal with the !-connective? For the time
being, it seems that it would considerably complicate the definition of the realizability relation.

• We are compelled to introduce two realizability interpretations, one for bounding the runtime, and
the other for bounding the length of the output. Is it possible to integrate them into one realizability
interpretation?

• Is it possible to relate our definition of realizability with the original one [6] more closely? We
have observed that our higher order polynomials are equipped with the structure of partial resource
monoid (Remark 3.2). Our definition of realizability is also derived from their notion of length
space. Establishing an exact correspondence is, however, left to the future work.

• We have adapted the tiered recursion characterization of the PTIME functions. Can we find a
suitable logical system as well corresponding to the tiered recursion characterizations of PSPACE
and ALOGTIME in ED, lH and 111? 